This appendix maps audit event names used in IBM DB2 for LUW to their equivalent values in the command_class and target_type fields in the Oracle AVDF audit record. The audit events are organized in useful categories, for example, Account Management events. You can use the audit events mapped here to create custom audit reports using other Oracle Database reporting products or third-party tools. See also "Oracle Audit Vault and Database Firewall Database Schemas" for Oracle AVDF data warehouse details that may be useful in designing your own reports.
Account management events track SQL commands that affect user accounts, such as the UNLOCK ADMIN ACCOUNT command. Table G-1 lists the IBM DB2 account management events and the equivalent Oracle AVDF events.
Table G-1 IBM DB2 Account Management Audit Events
| Source Event | Event Description | command_class | target_type |
|---|---|---|---|
| | Add Default Role | CREATE | |
| | Add User | | Any from List 3 |
| | Alter User Add Role | | |
| | Alter User Add Role | | Any from List 3 |
| | Alter User Authentication | | Any from List 3 |
| | Alter User Drop Role | | Any from List 3 |
| | Authentication | | NULL |
| | Drop Default Role | DROP | NULL |
| | Drop User | | Any from List 3 |
| | Set Session User | | Any from List 3 |
Application management events track actions that were performed on the underlying SQL commands of system services and applications, such as the CREATE RULE command.
Table G-2 lists the IBM DB2 application management events and the equivalent Oracle AVDF events.
Table G-2 IBM DB2 Application Management Audit Events
| Source Event | Event Description | command_class | target_type |
|---|---|---|---|
| | Alter Object | | Any from List 2 |
| | Create Object | | Any from List 2 |
| | Drop Object | | Any from List 2 |
Audit command events track the use of auditing SQL commands on other SQL commands and on database objects. Table G-3 lists the IBM DB2 audit command events and the equivalent Oracle AVDF events.
Table G-3 IBM DB2 Audit Command Audit Events
| Source Event | Event Description | command_class | target_type |
|---|---|---|---|
| | Alter Audit Policy | | |
| | Archive | | |
| | Audit Remove | | |
| | Audit Replace | | |
| | Audit Using | | |
| | Configure | AUDIT | NULL |
| | Create Audit Policy | | POLICY |
| | Drop Audit Policy | NOAUDIT | POLICY |
| | Prune | | NULL |
| | Start | | |
| | Stop | | |
Data access events track audited SQL commands, such as all SELECT TABLE, INSERT TABLE, or UPDATE TABLE commands. The Data Access Report, described in "Data Access Report", uses these events.
Table G-4 lists the IBM DB2 data access events and the equivalent Oracle AVDF events.
Table G-4 IBM DB2 Data Access Audit Events
| Source Event | Event Description | command_class | target_type |
|---|---|---|---|
| | Execute | | |
| | Get DB Cfg | GET | NULL |
| | Get Dflt Cfg | GET | NULL |
| | Get Groups | GET | NULL |
| | Get Tablespace Statistic | | NULL |
| | Get Userid | GET | NULL |
| | Read Async Log Record | | NULL |
| | Statement | | |
| | Statement | | |
| | Statement | | |
| | Statement | | |
Exception events track audited error and exception activity, such as network errors. These events do not have any event names.
Invalid record events track audited activity that Oracle AVDF cannot recognize, possibly due to a corrupted audit record.
Object management events track audited actions performed on database objects, such as CREATE TABLE commands. Table G-5 lists the IBM DB2 object management events and the equivalent Oracle AVDF events.
Table G-5 IBM DB2 Object Management Audit Events
| Source Event | Event Description | command_class | target_type |
|---|---|---|---|
| | Alter Object | | Any from List 2 |
| | Create Object | | Any from List 2 |
| | Drop Object | | Any from List 2 |
| | Rename Object | | Any from List 2 |
Peer association events track database link commands. These events do not have any event names; they only contain event attributes.
Role and privilege management events track audited role and privilege management activity, such as granting a user permissions to alter an object. Table G-6 lists the IBM DB2 role and privilege management events and the equivalent Oracle AVDF events.
Table G-6 IBM DB2 Role and Privilege Management Audit Events
| Source Event | Event Description | command_class | target_type |
|---|---|---|---|
| | Add Default Role | CREATE | NULL |
| | Alter Default Role | ALTER | NULL |
| | Alter Object | | Any from List 2 |
| | Alter security policy | ALTER | NULL |
| | Checking Function | | Any from List 1 |
| | Checking Membership In Roles | VALIDATE | NULL |
| | Checking Object | | Any from List 1 |
| | Checking Transfer | VALIDATE | NULL |
| | Create Object | | Any from List 2 |
| | Drop Default Role | DROP | NULL |
| | Drop Object | | Any from List 2 |
| | Grant | | Any from List 3 |
| | Grant DB Auth | GRANT | NULL |
| | Grant DB Authorities | | |
| | Grant DBADM | | |
| | Implicit Grant | | Any from List 3 |
| | Implicit Revoke | | Any from List 3 |
| | Revoke | | Any from List 3 |
| | Revoke DB Auth | REVOKE | NULL |
| | Revoke DB Authorities | | |
| | Revoke DBADM | | |
Service and application utilization events track audited application access activity, such as the execution of SQL commands.
Table G-7 lists the IBM DB2 service and application utilization events and the equivalent Oracle AVDF events.
System management events track audited system management activity, such as the CREATE DATABASE and DISK INIT commands. Table G-8 lists the IBM DB2 system management events and the equivalent Oracle AVDF events.
Table G-8 IBM DB2 System Management Audit Events
| Source Event | Event Description | command_class | target_type |
|---|---|---|---|
| | Activate DB | | |
| | Add Node | | |
| | Alter Bufferpool | | |
| | Alter Database | | |
| | Alter Nodegroup | | |
| | Alter Object | | Any from List 2 |
| | Alter Tablespace | | |
| | Backup DB | | |
| | Bind | | |
| | Catalog DB | SET | NULL |
| | Change DB Comment | | NULL |
| | Catalog Dcs DB | SET | NULL |
| | Catalog Node | | NULL |
| | Check Group Membership | | NULL |
| | Close Container Query | | |
| | Close Cursor | | |
| | Close History File | | |
| | Close Tablespace Query | | |
| | Configure | | |
| | Create Bufferpool | | |
| | Create Database | | |
| | Create DB at Node | | |
| | Create Event Monitor | | |
| | Create Instance | | |
| | Create Nodegroup | | |
| | Create Object | | Any from List 2 |
| | Create Tablespace | | |
| | DB2 Audit | | |
| | DB2 Remote | | |
| | DB2 Set | | |
| | Db2trc | DROP | NULL |
| | DBM Cfg Operation | | |
| | Deactivate DB | | |
| | Describe | | |
| | Describe Database | | |
| | Delete Instance | | |
| | Discover | | |
| | Drop Bufferpool | | |
| | Drop Database | | |
| | Drop Event Monitor | | |
| | Drop Node Verify | DROP | NULL |
| | Drop Nodegroup | | |
| | Drop Object | | Any from List 2 |
| | Drop Tablespace | | |
| | Enable Multipage | | |
| | External Cancel | | |
| | Estimate Snapshot Size | | |
| | Extract | | |
| | Fetch Container Query | | |
| | Fetch Cursor | | |
| | Fetch History File | | |
| | Fetch Tablespace | RETRIEVE | NULL |
| | Fetch Tablespace Query | | |
| | Flush | | |
| | Force Application | | |
| | Get Snapshot | | |
| | Get Usermapping From Plugin | GET | NULL |
| | Implicit Rebind | | |
| | Kill DBM | | |
| | List Drda Indoubt Transactions | LIST | NULL |
| | List Logs | | |
| | Load Msg File | | |
| | Load Table | | |
| | Merge DBM Config File | | NULL |
| | Migrate DB | | |
| | Migrate DB DIR | | |
| | Migrate System Directory | | |
| | Open Container Query | | |
| | Open Cursor | | |
| | Open History File | | |
| | Open Tablespace Query | | |
| | Prepare | | |
| | Prune Recovery History | | |
| | Quiesce Tablespace | | |
| | Rebind | | |
| | Redistribute | | |
| | Redistribute Nodegroup | SEND | NULL |
| | Release savepoint | | |
| | Rename Tablespace | | |
| | Reset Admin Cfg | | |
| | Reset DB Cfg | | |
| | Reset DBM Cfg | | |
| | Reset Monitor | | |
| | Restore DB | | |
| | Rollforward DB | | |
| | Run Stats | | |
| | Savepoint | | |
| | Set Appl Priority | | |
| | Set Event Monitor State | SET | NULL |
| | Set Monitor | | |
| | Set Runtime Degree | | |
| | Set Savepoint | | |
| | Set Tablespace Containers | | |
| | Single Tablespace Query | | |
| | Start DB2 | | |
| | Stop DB2 | | |
| | Uncatalog DB | RESET | NULL |
| | Unload Table | | |
| | Unquiesce Tablespace | | |
| | Update Admin Cfg | | |
| | Update Audit | | |
| | Update CLI Configuration | UPDATE | NULL |
| | Update DB Cfg | | |
| | Update DB Version | UPDATE | NULL |
| | Uncatalog Dcs DB | RESET | NULL |
| | Uncatalog Node | RESET | NULL |
| | Update DBM Cfg | | Any from List 3 |
| | Update Recovery History | | |
Unknown or uncategorized events track audited activity that cannot be categorized. Table G-9 lists the IBM DB2 unknown or uncategorized event and equivalent Oracle AVDF event.
User session events track audited authentication events for users who log in to the database.
Table G-10 lists the IBM DB2 user session events and the equivalent Oracle AVDF events.
Table G-10 IBM DB2 User Session Audit Events
| Source Event | Event Description | command_class | target_type |
|---|---|---|---|
| | Attach | | |
| | Authenticate | | |
| | Commit | | |
| | Connect | | |
| | Connect Reset | | |
| | Connect Reset | | |
| | Detach | | |
| | Global Commit | | NULL |
| | Global Rollback | | NULL |
| | Request Rollback | | NULL |
| | Rollback | | |
| | Set Session User | | NULL |
| | Switch User | | NULL |
| | Switch User | | NULL |
Target Type values associated with certain audit events can be any from the following lists. See the Audit Event tables in the appendix for references.
Possible Target Types |
---|
SYNONYM |
ALL |
POLICY |
BUFFERPOOL |
DATABASE |
EVENT MONITOR |
FUNCTION |
FUNCTION MAPPING |
VARIABLE |
HISTOGRAM TEMPLATE |
INDEX |
INSTANCE |
METHOD |
MODULE |
NODEGROUP |
NONE |
PROFILE |
PACKAGE |
PACKAGE CACHE |
REOPT VALUES |
ROLE |
SCHEMA |
SEQUENCE |
SERVER |
SERVER OPTION |
SERVICE CLASS |
PROCEDURE |
TABLE |
TABLESPACE |
THRESHOLD |
CONTEXT |
TYPE MAPPING |
TYPE&TRANSFORM |
USER MAPPING |
VIEW |
WORK ACTION SET |
WORK CLASS SET |
WORKLOAD |
WRAPPER |
XSR OBJECT |
Possible Target Types |
---|
SYNONYM |
POLICY |
BUFFERPOOL |
CONSTRAINT |
TYPE |
EVENT MONITOR |
FOREIGN_KEY |
FUNCTION |
FUNCTION MAPPING |
GLOBAL_VARIABLE |
HISTOGRAM TEMPLATE |
INDEX |
INDEX EXTENSION |
JAVA |
METHOD |
MODULE |
NODEGROUP |
NONE |
PACKAGE |
PRIMARY_KEY |
ROLE |
SCHEMA |
LABEL |
SECURITY LABEL COMPONENT |
POLICY |
SEQUENCE |
SERVER |
SERVER OPTION |
SERVICE CLASS |
PROCEDURE |
TABLE |
TABLESPACE |
THRESHOLD |
TRIGGER |
CONTEXT |
TYPE MAPPING |
TYPE&TRANSFORM |
CONSTRAINT |
USER MAPPING |
VIEW |
WORK ACTION SET |
WORK CLASS SET |
WORKLOAD |
WRAPPER |
Possible Target Types |
---|
RULE |
DATABASE |
FUNCTION |
VARIABLE |
INDEX |
METHOD |
MODULE |
SYNONYM |
NONE |
PACKAGE |
ROLE |
SCHEMA |
LABEL |
POLICY |
SERVER |
PROCEDURE |
TABLE |
TABLESPACE |
CONTEXT |
VIEW |
WORKLOAD |
XSR OBJECT |